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WHAT IS CLAIMED TS : 

1 1 . A method for managing access to resources, comprising: 

2 exchanging encryption keys among a first entity, second entity, third entity, and a 

3 fourth entity, wherein each entity has one relationship with one other entity, and wherein the 

4 encryption keys are exchanged pursuant to the relationships; and 

5 encrypting with the encryption keys electronic messages concerning digital 



6 enrollments to provide to the first entity, wherein the digital enrollment is associated with at 

7 least one digital ticket that authorizes access to a resource managed by the fourth entity, 

8 wherein presentation of the digital enrollment causes the presentation of one digital ticket 

9 associated with the digital enrollment to authorize the first entity to access the resource. 



1 2. The method of claim 1, wherein the first entity and the second entity have a 

2 first relationship such that the first entity is associated with the second entity and wherein the 

3 second entity and third entity have a second relationship through which entities associated 

4 with the second entity can access resources managed by the fourth entity. 

1 3. The method of claim 2, wherein the third entity and fourth entity have a third 

2 relationship through which the fourth entity makes managed resources available to entities 

3 designated by the third entity. 

1 4. The method of claim 3, wherein exchanging the encryption keys further 

2 comprises: 

3 transmitting, with the fourth entity, the fourth entity encryption key to the third entity; 

4 transmitting, with the third entity, the third entity and fourth entity encryption keys to 

5 the second entity after receiving the fourth entity encryption key from the fourth entity; and 

6 transmitting, with the second entity, the second entity, third entity, and fourth entity 

7 encryption keys to the first entity after receiving the third entity and fourth entity encryption 

8 keys fix)m the third entity. 
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1 5 . The method of claim 3, wherein exchanging the encryption keys further 

2 comprises: 

3 transmitting, with the first entity, the first entity encryption key to the second entity; 

4 transmitting, with the second entity, the first entity and second entity encryption keys 

5 to the third entity after receiving the fist entity encryption key fi-om the first entity; and 

6 transmitting, with the third entity, the first entity, second entity, and third entity 

7 encryption keys to the first entity after receiving the first and second entity encryption keys 

8 firom the second entity. 

1 6. The method of claim 1, further comprising: 

2 using, with tiie second entity, tiie first entity encryption key received during the 

3 exchange of encryption keys to encrypt a message including at least one digital enrollment 

4 to the first entity that the first entity can use to access the resource; and 

5 using, with the first entity, the second entity encryption key received during the 

6 exchange of encryption keys to decrypt the message received firom the second entity 

7 providing the digital enroUment. 

1 7. The method of claim 6, flirther comprising: 

2 using, with the second entity, the second entity encryption key to encrypt the 

3 message including the digital enrollment before encrypting the message with the first entity 

4 encryption key. 

1 8. The metiiod of claim 1, further comprising: 

2 using, with tiie first entity, the encryption key of tiie fourth entity received during the 

3 exchange of encryption keys to encrypt a message including the digital enrollment to access 

4 tiie resource managed by tiie fourth entity; and 
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5 using, with the fourth entity, the first entity encryption key received during the 

6 exchange of encryption keys to decrypt the message received from the first entity providing 

7 the digital enrollment. 

1 9. The method of claim 1, wherein exchanging the encryption keys further 

2 comprises exchanging the encryption keys with a fifth entity, further comprising: 

3 maintaining, with the fifth entity, a mapping of digital enroUment to associated digital 

4 tickets; 

5 using, with the first entity, the encryption key of the fifth entity received during the 

6 exchange of encryption keys to encrypt a message including the digital enroUment to 

7 transmit to the fifth entity; 

8 using, with the fifth entity, the first entity encryption key received during the 

9 exchange of encryption keys to decrypt the message received from the first entity providing 

10 the digital enrollment; 

1 1 processing the mapping to determine the digital tickets associated with the received 

12 enrollment; and 

1 3 using, with the fifth entity, the first entity encryption key received during the 

14 exchange of encryption keys to encrypt a message including the digital tickets to transmit to 

1 5 the first entity to use to access the resource from the fourth entity. 

1 10. The metiiod of claim 9, further comprising: 

2 usLQg, with the first entity, the encryption key of the fourth entity received during the 

3 exchange of encryption keys to encrypt a message including the digital ticket received from 

4 tiie fifth entity to send to the fourth entity; and 

5 using, with the fourth entity, the first entity encryption key received during the 

6 exchange of encryption keys to decrypt the message received from the first entity providiag 

7 the digital tickets; 
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8 granting, with the fourth entity, the first entity access to the resource if the digital 

9 ticket included in the decrypted message authorizes access to the resource. 

1 11. The method of claim 1, wherein the resource consists of a resource that is a 

2 member of the set of resources comprising: data, computer programs, and control of an 

3 electro-mechanical machine. 

1 12. A system for managing access to resources, comprising: 

2 means for exchanging encryption keys among a first entity, second entity, third 

3 entity, and a fourth entity, wherein each entity has one relationship with one other entity, and 

4 wherein the encryption keys are exchanged pursuant to the relationships; and 

5 means for encrypting with the encryption keys electronic messages concerning 



6 digital enrollments to provide to the first entity, wherein the digital enrollment is associated 

7 with at least one digital ticket that authorizes access to a resource managed by the fourth 

8 entity, wherein presentation of the digital enrollment causes the presentation of one digital 

9 ticket associated with the digital enrollment to authorize the first entity to access the 
10 resource. 

1 13. The system of claim 12, wherein the first entity and the second entity have a 

2 first relationship such that the first entity is associated with the second entity and wherein the 

3 second entity and third entity have a second relationship through which entities associated 

4 with the second entity can access resources managed by the fourth entity. 

1 14. The system of claim 13, wherein the third entity and fourth entity have a 

2 third relationship through which the fourth entity makes managed resources available to 

3 entities designated by the third entity. 
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1 15. The system of claim 14, wherein the means for exchanging the encryption 

2 keys further performs: 

3 transmitting, with the fourth entity, the fourth entity encryption key to the third entity; 

4 transmitting, with the third entity, the third entity and fourth entity encryption keys to 

5 the second entity after receiving the fourth entity encryption key from the fourth entity; and 

6 transmitting, with the second entity, the second entity, third entity, and fourth entity 

7 encryption keys to the first entity after receiving the third entity and fourth entity encryption 

8 keys from the third entity. 

1 16, The system of claim 14, wherein the means for exchanging the encryption 

2 keys fiarther performs: 

3 transmitting, with the first entity, the first entity encryption key to the second entity; 

4 transmitting, witii the second entity, the first entity and second entity encryption keys 

5 to the third entity after receiving the fist entity encryption key fiom tiie first entity; and 

6 transmitting, witii the third entity, the first entity, second entity, and third entity 

7 encryption keys to the first entity after receiving the first and second entity encryption keys 

8 from the second entity. 

1 17. The system of claim 12, fiirther comprising: 

2 means for using, with tiie second entity, tiie first entity encryption key received 

3 during tiie exchange of encryption keys to encrypt a message including at least one digital 

4 enrollment to tiie first entity tiiat tiie first entity can use to access tiie resource; and 

5 means for using, with tiie first entity, the second entity encryption key received 

6 during the exchange of encryption keys to decrypt the message received from the second 

7 entity providing tiie digital enrollment. 
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1 18. The system of claim 1 7, further comprising: 

2 means for using, with the second entity, the second entity encryption key to encrypt 

3 the message including the digital enrollment before encrypting the message with the first 

4 entity encryption key. 

1 19. The system of claim 12, further comprising: 

2 means for using, with the first entity, the encryption key of the fourth entity received 

3 during the exchange of encryption keys to encrypt a message includmg the digital enrolhnent 

4 to access the resource managed by the fourth entity; and 

5 means for using, with the fourth entity, the first entity encryption key received during 

6 the exchange of encryption keys to decrypt the message received firom the first entity 

7 providing the digital enrollment. 

1 20. The system of claim 12, wherein the means for exchanging the encryption 

2 keys further performs exchanging the encryption keys with a fifth entity, further comprising: 

3 means for maintaining, with the fiftii entity, a mapping of digital enrollment to 

4 associated digital tickets; 

5 means for using, with the first entity, the encryption key of the fifth entity received 

6 during the exchange of encryption keys to encrypt a message including the digital enrollment 

7 to transmit to the fifth entity; 

8 means for using, with the fifth entity, the first entity encryption key received during 

9 the exchange of encryption keys to decrypt the message received fi-om the first entity 

1 0 providing the digital enrollment; 

1 1 means for processing the mapping to determine the digital tickets associated with 

1 2 the received enrolhnent; and 

1 3 means for using, with the fifth entity, the first entity encryption key received during 

14 the exchange of encryption keys to encrypt a message including the digital tickets to 

1 5 transmit to the first entity to use to access the resource fi:'om the fourth entity. 
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2 1 . The system of claim 20, further comprising: 

means for using, with the first entity, the encryption key of the fourth entity received 
during the exchange of encryption keys to encrypt a message including the digital ticket 
received from the fifth entity to send to the fourth entity; and 

means for using, with the fourth entity, the first entity encryption key received during 
the exchange of encryption keys to decrypt the message received from the first entity 
providing the digital tickets; and 

means for granting, with the fourth entity, the first entity access to the resource if the 
digital ticket included in the decrypted message authorizes access to the resource. 

22. The system of claim 12, wherein the resource consists of a resource that is 
a member of the set of resources comprising: data, computer programs, and control of an 
electro-mechanical machine. 

23. An article of manufacture including code executed by a first entity, second 
entity, third entity, and fourth entity to manage access to a resource, comprising: 

code executed by the first, second, third, and fourth entities to receive encryption 
keys of all the other entities wherein each entity has one relationship with one other entity, 
and wherein the enciyption keys are exchanged pursuant to the relationships; and 

code executed by the first entity to receive electronic messages concerning digital 
enrollments encrypted with the encryption keys of at least one of the first, second, and third 
entities, wherein the digital enrollment is associated with at least one digital ticket that 
authorizes access to a resource managed by the fourth entity, wherein presentation of the 
digital enrollment causes the presentation of one digital ticket associated with the digital 
enrollment to authorize the first entity to access the resource. 
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24. The article of manufacture of claim 23, wherein the first entity and the 
second entity have a first relationship such that the first entity is associated with the second 
entity and wherein the second entity and third entity have a second relationship through 
which entities associated with the second entity can access resources managed by the 
fourth entity. 

25. The article of manufacture of claim 24, wherein the third entity and fourth 
entity have a third relationship through which the fourth entity makes managed resources 
available to entities designated by the third entity. 

26. The article of manufacture of claim 23, fiirther comprising: 

code executed by the second entity to use the first entity encryption key received 
during the exchange of encryption keys to encrypt a message including at least one digital 
enrollment to the first entity that the first entity can use to access the resource; and 

code executed by the first entity to use the second entity encryption key received 
during the exchange of encryption keys to decrypt the message received from the second 
entity providing the digital enrollment. 

27. The article of manufacture of claim 26, further comprising: 

code executed by the second entity to use the second entity encryption key to 
encrypt the message including the digital enrollment before encrypting the message with the 
first entity encryption key. 

28. The article of manufacture of claim 23, further comprising: 

code executed by the first entity to use the encryption key of the fourth entity 
received during the exchange of encryption keys to encrypt a message including the digital 
enrollment to access the resource managed by the fourth entity; and 
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5 code executed by the fourth entity to use the first entity encryption key received 

6 during the exchange of encryption keys to decrypt the message received from the first entity 

7 providing the digital enrollment. 

1 29. The article of manufacture of claim 23, wherein exchanging the encryption 

2 keys further comprises exchanging the encryption keys with a fifth entity, further comprising: 

3 code executed by the fifth entity to maintain a mapping of digital enrollments to 

4 associated digital tickets; 

5 code executed by the first entity to use the encryption key of the fifth entity received 

6 during the exchange of encryption keys to encrypt a message including the digital enrollment 

7 to transmit to the fifth entity; 

8 code executed by the fifth entity to use the first entity encryption key received 

9 during the exchange of encryption keys to decrypt the message received from the first entity 

1 0 providing the digital enrollment; 

1 1 code executed by the fifth entity to process the mapping to determine the digital 

1 2 tickets associated with the received enrollment; and 

1 3 code executed by the fifth entity to use the first entity encryption key received 

14 during the exchange of encryption keys to encrypt a message including the digital tickets to 

1 5 transmit to the first entity to use to access the resource from the fourth entity. 

1 30. The article of manufacture of claim 29, further comprising: 

2 code executed by the first entity to use the encryption key of the fourth entity 

3 received during the exchange of encryption keys to encrypt a message including the digital 

4 ticket received from the fifth entity to send to the fourth entity; and 

5 code executed by the fourth entity to use tiie first entity encryption key received 

6 during the exchange of encryption keys to decrypt the message received from the first entity 

7 providing the digital tickets; and 
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8 code executed by the fourth entity to grant the first entity access to the resource if 

9 the digital ticket included in the decrypted message authorizes access to the resource. 

1 31. The article of manufacture of claim 23, wherein the resource consists of a 

2 resource that is a member of the set of resources comprising: data, computer programs, and 

3 control of an electro-mechanical machine. 



